As use of the Internet and other network architectures increases, the problems and harmful effects of spyware and other “malware” increase exponentially. The term “malware” is used herein to connote any software that may be installed onto a computer without the user's full consent or awareness, including software that may gather information from the computer, sometimes without the user's knowledge. Malware may present a privacy, security or productivity risk to the user's computer system. It would be desirable to provide methods, systems and software products that could enable the user to understand how and where their system obtained such malware, since this would also enable the user to prevent re-installation of the malware, which might otherwise compromise their privacy and their productive use of their computer system.
Malware can be installed onto a computer in various ways, sometimes with the unwitting assistance of an unsuspecting computer user. Described below are some of the methods by which malware can be installed on a given system:
Peer-to-Peer file sharing software: Such software (an example of which is Kazaa) enables a user to share files with many other users on the Internet. This type of software typically includes ad-supported versions that may themselves be, or include, malware, and may install other third-party malware applications. In many instances, since the End-User License Agreement (EULA) associated with such file sharing software is verbose and cryptic, the user is likely to ignore the agreement and simply click “I Accept”, even though the EULA may explicitly indicate that spyware or other malware applications are about to be or may later be installed. Thus, the user may not be fully aware of the nature or extent of the software to be installed, the malware that may be included therein, and the scope of what such software can do.
Pop-Up Downloads: This category includes software that is installed by prompting the user via a pop-up or other prompting device while the user browses the Internet. Typically, such installations can be accomplished using methods such as ActiveX or the like. For example, the user may accept the installation offered by a pop-up download prompt in order to proceed to another Web page, or because they are given the impression that the software may serve a valid and necessary purpose. In addition, if the user chooses to “Always Accept” pop-up downloads from a particular company or other source, that source can then execute a “Drive-By Download” (next described) of additional software without requiring the user's permission, whenever the user visits a company-related site.
Drive-By-Downloads: This category includes software that is installed without prompting the user for permission, while they are browsing the Internet. Typically this also can be accomplished using ActiveX or the like, or via a security hole in the browser or operating system (OS). In the case of ActiveX, the user typically browses to a Web page that contains code that uses an existing component on their system to deliver the malware payload. Other types of browser or OS security holes could allow code fragments from a Web page to arbitrarily execute commands on the user's system.
Other Ad-Supported Applications: These ad-supported applications may include music players, audio/video coder-decoders, weather or stock monitoring software and browser add-on software. These applications may be or include malware, and potentially may install other third-party malware that poses a privacy, security or productivity threat to a user's system.
Operating System Security Holes: As alluded to above, operating systems frequently have many security holes that can be exploited by such malware as viruses, trojans, downloaders and worms. These security “back doors” allow malware to spread from system to system. The existence of certain malware on a given system may aid in the delivery of other, different malware payloads.
E-mail/Newsgroup Attachments: Malicious emails that contain content designed to install malware represent a serious and growing threat. Malware delivered and executed via email can be installed either with the user's intervention, such as when the user opens an attachment, or with no user intervention at all, by exploiting an application event security hole like the automatic HTML preview feature in an email application.
Instant Messenger Application Exploits: Another recent problem is the use of Instant Messenger products to deliver malware to many different users. Typically, an IM user may receive a message notification through their IM application that entices them to install a malware application that claims to perform a specific task. Once installed, the application integrates with their IM application, using it as a base for broadcasting further messages, without the user's knowledge or consent, to other users in their “Buddy List”, in order to promote further downloads of the malware or other application, or to display Web pages, ads or other content of which the user may be unaware.